Analysis Overview
SHA256
4931f68610fab62c71677ae18c05b4465ee765be96633356ac3d32d10276cf7b
Threat Level: Likely malicious
The file a555ebf2f5ce3c0eb994fe672d48ecb0_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Loads dropped Dex/Jar
Requests dangerous framework permissions
Queries information about active data network
Queries information about the current Wi-Fi connection
Listens for changes in the sensor environment (might be used to detect emulation)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Analysis: static1
Detonation Overview
Reported
2024-06-13 11:37
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read audio files from external storage. | android.permission.READ_MEDIA_AUDIO | N/A | N/A |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 11:37
Reported
2024-06-13 11:40
Platform
android-x86-arm-20240611.1-en
Max time kernel
69s
Max time network
184s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.hudun.identificationphoto/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.hudun.identificationphoto/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.hudun.identificationphoto
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.hudun.identificationphoto/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.hudun.identificationphoto/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
ls /sys/class/thermal
com.hudun.identificationphoto:core
Network
Files
/data/data/com.hudun.identificationphoto/.jiagu/libjiagu.so
/data/data/com.hudun.identificationphoto/.jiagu/classes.dex
/data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex
/data/data/com.hudun.identificationphoto/.jiagu/tmp.dex
/storage/emulated/0/Android/data/com.hudun.identificationphoto/cache/uil-images/journal.tmp
/data/data/com.hudun.identificationphoto/unicorn#cheese#
/storage/emulated/0/Android/data/com.hudun.identificationphoto/files/com.qiyukf.unicorn/log/tmp_u_20240613
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 11:37
Reported
2024-06-13 11:40
Platform
android-x64-20240611.1-en
Max time kernel
71s
Max time network
184s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.hudun.identificationphoto/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.hudun.identificationphoto
com.hudun.identificationphoto:core
Network
Files
/data/data/com.hudun.identificationphoto/.jiagu/libjiagu.so
/data/data/com.hudun.identificationphoto/.jiagu/libjiagu_64.so
/data/data/com.hudun.identificationphoto/.jiagu/classes.dex
/data/data/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex
/storage/emulated/0/Android/data/com.hudun.identificationphoto/cache/uil-images/journal.tmp
/data/data/com.hudun.identificationphoto/unicorn#cheese#
/storage/emulated/0/Android/data/com.hudun.identificationphoto/files/com.qiyukf.unicorn/log/tmp_u_20240613
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 11:37
Reported
2024-06-13 11:40
Platform
android-x64-arm64-20240611.1-en
Max time kernel
155s
Max time network
180s
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.hudun.identificationphoto
com.hudun.identificationphoto:core
Network
Files
/data/user/0/com.hudun.identificationphoto/.jiagu/libjiagu.so
/data/user/0/com.hudun.identificationphoto/.jiagu/libjiagu_64.so
/data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex
/data/user/0/com.hudun.identificationphoto/.jiagu/classes.dex!classes2.dex
/data/user/0/com.hudun.identificationphoto/cache/uil-images/journal.tmp
/data/user/0/com.hudun.identificationphoto/unicorn#cheese#
/storage/emulated/0/Android/data/com.hudun.identificationphoto/files/com.qiyukf.unicorn/log/tmp_u_20240613 (deleted)
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/user/0/com.hudun.identificationphoto/files/umeng_it.cache
/data/user/0/com.hudun.identificationphoto/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4Mjc4NjY3MTg0